012720-35/00-02 

CLAIMS 

1. A method of allowing access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level, the method comprising the steps of:

routing connections for input devices for the workstation to a proxy in the second network;

establishing a remotable session in the second network;

connecting the input devices to the remotable session through the proxy in the second network so that the input devices are operable to control applications running in the remotable session;

sending output from the remotable session through the proxy in the second network to a proxy in the first network through a diode that ensures that information only flows in one direction; and

forwarding the output from the proxy in the first network to a remote session viewer at the workstation.



2. The method of claim 1 wherein the establishing step includes sending a login screen and further comprising the step of receiving login information for a user at the second network.

3. Apparatus for allowing access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level, the apparatus comprising:

means for routing connections for input devices for the workstation to a proxy in the second network;

means for establishing a remotable session in the second network;

means for connecting the input devices to the remotable session through the proxy in the second network so that the input devices are operable to control applications running in the remotable session;

means for sending output from the remotable session through the proxy in the second network to a proxy in the first network through a diode that ensures that information only flows in one direction; and

means for forwarding the output from the proxy in the first network to a remote session viewer at the workstation.



4. A system for selectively allowing access by a workstation connected to a plurality of networks to information in a network of the highest security level or in a selected network from one or more other networks of lower security levels, the system comprising:

a switching unit for selectively routing connections for input devices to the workstation or to the selected network;

a plurality of programmable computer systems disposed in the plurality of networks, each of the programmable computer systems operable to execute applications under the control of the workstation;

a plurality of diode servers disposed one each in each of the plurality of networks, each diode server in the one or more other networks connected to the switching unit and at least one programmable computer system and operable as a proxy to connect the switching unit to a remotable session in the selected network, a selected diode server further operable to forward output from the remotable session to the network of the highest security level for display in a remote session viewer at the workstation; and

one or more diodes disposed one each between a diode server in one of the one or more other networks and a diode server in the network of the highest security level so that information can flow only from the selected network to the network of the highest security level.



5. A method of operating a server to proxy access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level, the method comprising the steps of:

establishing a remotable session in the second network;

connecting the input devices to the remotable session through the server so that the input devices are operable to control applications running in the remotable session; and

sending output from the remotable session to the first network through a diode that ensures that information only flows from the server in the second network to the first network.

6. The method of claim 5 wherein the establishing step includes sending a login screen and further comprising the step of receiving login information for a user at the second network.



7. A computer program product for enabling a server to proxy access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level, the computer program product including a computer program comprising:

instructions for establishing a remotable session in the second network;

instructions for connecting the input devices to the remotable session through the server so that the input devices are operable to control applications running in the remotable session; and

instructions for sending output from the remotable session to the first network through a diode that ensures that information only flows from the server in the second network to the first network.

8. The computer program product of claim 7 wherein the computer program further comprises instructions sending a login screen and receiving login information for a user at the second network.



9. The computer program product of claim 7 wherein the instructions for sending output further include instructions for software throttling.



10. The computer program product of claim 8 wherein the instructions for sending output further include instructions for software throttling.



11. Apparatus for granting access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level, the apparatus comprising:

means for establishing a remotable session in the second network;

means for connecting the input devices to the remotable session so that the input devices are operable to control applications running in the remotable session; and

means for sending output from the remotable session to the first network through a diode that ensures that information only flows from the second network to the first network.

12. A programmed computer system which is operable to proxy access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level by performing the steps of:

establishing a remotable session in the second network;

connecting the input devices to the remotable session through the server so that the input devices are operable to control applications running in the remotable session; and

sending output from the remotable session to the first network through a diode that ensures that information only flows from the server in the second network to the first network.

13. The computer system of claim 12 which is further operable to apply software throttling to the output being sent to the first network.

14. A system for allowing access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level, the system comprising:

a diode handler object for communicating between the system and a diode that allows information to flow in only one direction; and

a proxy server object for interconnecting the diode handler object to a remotable session viewer in the workstation.



15. A system for allowing access by a workstation connected to a first network of a highest security level, to information in a second network of a lower security level, the system comprising:

a diode handler object for communicating between the system and a diode that allows information to flow in only one direction;

a proxy client object for interconnecting the diode handler object to a remotable session; and

a switch handler object connected to the proxy client object for communicating between the proxy client object and a switching unit.



16. The system of claim 15 wherein the diode handler object applies software throttling to the information.